--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/BogusKDC.java Fri Jul 17 17:30:55 2015 -0700
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.HashMap;
+import java.util.Map;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/*
+ * @test
+ * @bug 4515853 8075297
+ * @summary Checks that Kerberos client tries slave KDC
+ * if master KDC is not responding
+ * @run main/othervm BogusKDC
+ */
+public class BogusKDC {
+
+ static final String TEST_SRC = System.getProperty("test.src", ".");
+ static final String HOST = "localhost";
+ static final String NOT_EXISTING_HOST = "not.existing.host";
+ static final String REALM = "TEST.REALM";
+ static final String USER = "USER";
+ static final String USER_PRINCIPAL = USER + "@" + REALM;
+ static final String USER_PASSWORD = "password";
+ static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM;
+ static final String KRB5_CONF = "krb5.conf";
+ static final int WRONG_KDC_PORT = 21;
+
+ static final String KRB5_CONF_TEMPLATE = ""
+ + "[libdefaults]\n"
+ + "default_realm = TEST.REALM\n"
+ + "max_retries = 1\n"
+ + "\n"
+ + "[realms]\n"
+ + "TEST.REALM = {\n"
+ + " kdc = %s\n"
+ + " kdc = localhost:%d\n"
+ + "}";
+
+ public static void main(String[] args) throws LoginException, IOException {
+ Map<String, String> principals = new HashMap<>();
+ principals.put(USER_PRINCIPAL, USER_PASSWORD);
+ principals.put(KRBTGT_PRINCIPAL, null);
+
+ System.setProperty("java.security.krb5.conf", KRB5_CONF);
+
+ // start a local KDC
+ KDC kdc = KDC.startKDC(HOST, KRB5_CONF, REALM, principals, null, null);
+
+ System.setProperty("java.security.auth.login.config",
+ TEST_SRC + File.separator + "refreshKrb5Config.jaas");
+
+ CallbackHandler handler = new Helper.UserPasswordHandler(
+ USER, USER_PASSWORD);
+
+ // create a krb5 config with non-existing host for master KDC,
+ // and wrong port for slave KDC
+ try (PrintWriter w = new PrintWriter(new FileWriter(KRB5_CONF))) {
+ w.write(String.format(KRB5_CONF_TEMPLATE,
+ KDC.KDCNameService.NOT_EXISTING_HOST, WRONG_KDC_PORT));
+ w.flush();
+ }
+
+ // login with not-refreshable config
+ try {
+ new LoginContext("NotRefreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // create a krb5 config with non-existing host for master KDC,
+ // but correct port for slave KDC
+ try (PrintWriter w = new PrintWriter(new FileWriter(KRB5_CONF))) {
+ w.write(String.format(KRB5_CONF_TEMPLATE,
+ KDC.KDCNameService.NOT_EXISTING_HOST, kdc.getPort()));
+ w.flush();
+ }
+
+ // login with not-refreshable config
+ try {
+ new LoginContext("NotRefreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // login with refreshable config
+ new LoginContext("Refreshable", handler).login();
+
+ System.out.println("Test passed");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/Helper.java Fri Jul 17 17:30:55 2015 -0700
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class Helper {
+
+ static class UserPasswordHandler implements CallbackHandler {
+
+ private final String name;
+ private final String password;
+
+ UserPasswordHandler(String name, String password) {
+ this.name = name;
+ this.password = password;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks)
+ throws UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof PasswordCallback) {
+ ((PasswordCallback) callback).setPassword(
+ password.toCharArray());
+ } else if (callback instanceof NameCallback) {
+ ((NameCallback)callback).setName(name);
+ } else {
+ throw new UnsupportedCallbackException(callback);
+ }
+ }
+ }
+ }
+}
--- a/jdk/test/sun/security/krb5/auto/KDC.java Fri Jul 17 19:40:25 2015 +0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Fri Jul 17 17:30:55 2015 -0700
@@ -1320,14 +1320,17 @@
}
}
- public static void startKDC(final String host, final String krbConfFileName,
+ public static KDC startKDC(final String host, final String krbConfFileName,
final String realm, final Map<String, String> principals,
final String ktab, final KtabMode mode) {
+ KDC kdc;
try {
- KDC kdc = KDC.create(realm, host, 0, true);
+ kdc = KDC.create(realm, host, 0, true);
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, Boolean.FALSE);
- KDC.saveConfig(krbConfFileName, kdc);
+ if (krbConfFileName != null) {
+ KDC.saveConfig(krbConfFileName, kdc);
+ }
// Add principals
if (principals != null) {
@@ -1379,6 +1382,7 @@
throw new RuntimeException("KDC: unexpected exception", e);
}
+ return kdc;
}
/**
@@ -1428,13 +1432,20 @@
}
public static class KDCNameService implements NameServiceDescriptor {
+
+ public static String NOT_EXISTING_HOST = "not.existing.host";
+
@Override
public NameService createNameService() throws Exception {
NameService ns = new NameService() {
@Override
public InetAddress[] lookupAllHostAddr(String host)
throws UnknownHostException {
- // Everything is localhost
+ // Everything is localhost except NOT_EXISTING_HOST
+ if (NOT_EXISTING_HOST.equals(host)) {
+ throw new UnknownHostException("Unknown host name: "
+ + NOT_EXISTING_HOST);
+ }
return new InetAddress[]{
InetAddress.getByAddress(host, new byte[]{127,0,0,1})
};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/RefreshKrb5Config.java Fri Jul 17 17:30:55 2015 -0700
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/*
+ * @test
+ * @bug 4745056 8075297
+ * @summary Checks if refreshKrb5Config is set to true for Krb5LoginModule,
+ * then configuration will be refreshed before login() method is called
+ * @run main/othervm RefreshKrb5Config
+ */
+public class RefreshKrb5Config {
+
+ static final String TEST_SRC = System.getProperty("test.src", ".");
+ static final String HOST = "localhost";
+ static final String NOT_EXISTING_HOST = "not.existing.host";
+ static final String REALM = "TEST.REALM";
+ static final String USER = "USER";
+ static final String USER_PRINCIPAL = USER + "@" + REALM;
+ static final String USER_PASSWORD = "password";
+ static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM;
+ static final String KRB5_CONF_FILENAME = "krb5.conf";
+
+ public static void main(String[] args) throws LoginException, IOException {
+ Map<String, String> principals = new HashMap<>();
+ principals.put(USER_PRINCIPAL, USER_PASSWORD);
+ principals.put(KRBTGT_PRINCIPAL, null);
+
+ System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
+
+ // start a local KDC, and save krb5 config
+ KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
+ KDC.saveConfig(KRB5_CONF_FILENAME, kdc, "max_retries = 1");
+
+ System.setProperty("java.security.auth.login.config",
+ TEST_SRC + File.separator + "refreshKrb5Config.jaas");
+
+ CallbackHandler handler = new Helper.UserPasswordHandler(
+ USER, USER_PASSWORD);
+
+ // set incorrect KDC
+ System.out.println("java.security.krb5.kdc = " + NOT_EXISTING_HOST);
+ System.setProperty("java.security.krb5.kdc", NOT_EXISTING_HOST);
+ System.out.println("java.security.krb5.realm = " + REALM);
+ System.setProperty("java.security.krb5.realm", REALM);
+ try {
+ new LoginContext("Refreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // reset properties
+ System.out.println("Reset java.security.krb5.kdc");
+ System.clearProperty("java.security.krb5.kdc");
+ System.out.println("Reset java.security.krb5.realm");
+ System.clearProperty("java.security.krb5.realm");
+
+ // login with not-refreshable config
+ try {
+ new LoginContext("NotRefreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // login with refreshable config
+ new LoginContext("Refreshable", handler).login();
+
+ System.out.println("Test passed");
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/refreshKrb5Config.jaas Fri Jul 17 17:30:55 2015 -0700
@@ -0,0 +1,11 @@
+Refreshable {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=false
+ refreshKrb5Config=true;
+};
+
+NotRefreshable {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=false
+ refreshKrb5Config=false;
+};